Table of Contents
Advertisement
Preventing and Forcing Attack Detection
Use the following commands to configure or remove a dont-filter setting for or from a specified
situation:
From the SCE(config if)# prompt, type:
Commands
attack-filter dont-filter protocol (((TCP|UDP)
[dest-port (port-number
|not-specific))|ICMP|other) attack-direction
(((single-side-source|single-side-destination|sin
gle-side-both) (ip ip-address)|(dual-sided
source-ip source-ip-address destination-ip
dest-ip-address)) side
(subscriber|network|both)
no attack-filter dont-filter protocol
(((TCP|UDP) [dest-port (port-number
|not-specific))|ICMP|other) attack-direction
(((single-side-source|single-side-destination|sin
gle-side-both) (ip ip-address)|(dual-sided
source-ip source-ip-address destination-ip
dest-ip-address)) side
(subscriber|network|both)
How to Remove All dont-filter Settings
From the SCE(config if)# prompt, type:
Command
no attack-filter dont-filter all
Forcing Attack Filtering
Attack filtering can be forced for a specified IP address/protocol. Forced attack filtering will continue
until undone by an explicit CLI command (either no force-filter or dont-filter).
•
Use the following commands to configure or remove a force-filter setting for or from a specified
situation:
Cisco SCE 8000 10GBE Software Configuration Guide
12-22
How to Remove All force-filter Settings, page 12-23
Chapter 12
Identifying and Preventing Distributed Denial-of-Service Attacks
Purpose
Configures a dont-filter setting for a specified
situation.
Removes a dont-filter setting from a specified
situation.
Purpose
Removes all dont-filter settings.
OL-30621-02
Advertisement
Chapters
Table of Contents
